Computer Hope
Software => Computer viruses and spyware => Topic started by: 1firetiger on September 24, 2008, 08:07:09 AM
-
I have Windows XP and I lost my icons and the start button on my desktop. I tried to open it using safe mode with networking but I still only got a black screen with safe mode on the corners. And when I used ctrl alt del and tried to open explorer.exe it said Windows cannot find... The crazy thing is that I can still open iTunes and it worked fine, even syncing my iPod worked fine. I also opened AVG 7.5 and ran it and it picked up a trojan horse downloader.purityscan.Z which it deleted and WINDOWS\system32\drivers\etc\hosts and it said it changed that. What else can I do because I would really like to have my icons and start menu back.
-
If getting into Task Manager and starting a New Process called explorer.exe doesn't work, I think you should continue here:
http://www.computerhope.com/forum/index.php/topic,66852.0.html
(also, we don't like users double-posting. It makes things very confusing.)
-
sorry bout that I thought you meant put it in this area but imma try and put those things on a flash drive and then try and get it to work
-
Heh, it's all right.
Yes, if you cannot get online, put them on a flash drive (along with virus definitions - get from the website)
I guess you can go ahead and post the three logs here to capture our Malware Specialists' attention. ;)
-
Here is a list of my results from HijackThis. Which ones should I delete so I can hopefully get my icons and buttons back on my desktop?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:41 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C00D74D3-E5F6-4D15-82C8-FF2C0B83AB8E} - C:\WINDOWS\system32\advpack(2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cca9d3e3] rundll32.exe "C:\WINDOWS\system32\jhhtllcc.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Handspring\Hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50BB527E-4EE3-4A11-8A86-E48C6A30826D}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\
O20 - Winlogon Notify: wda - C:\WINDOWS\
O20 - Winlogon Notify: xxyxwwt - xxyxwwt.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 1: Desktop Uninstall - C:\WINDOWS\warnhp.html
--
End of file - 6336 bytes
Thanks
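Added example, not part of the original thread: a small Python parser for the HijackThis entry format shown in the log above (section code, then " - ", then detail) that marks entries worth a closer look. The four heuristics are assumptions chosen for illustration, and a match is a reason to investigate an entry, not a verdict on it; the sample lines are copied from the log in this post.

```python
import re

# Sample input: a few entry lines copied from the log posted above.
SAMPLE = r"""
O2 - BHO: (no name) - {C00D74D3-E5F6-4D15-82C8-FF2C0B83AB8E} - C:\WINDOWS\system32\advpack(2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cca9d3e3] rundll32.exe "C:\WINDOWS\system32\jhhtllcc.dll",b
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\
O20 - Winlogon Notify: xxyxwwt - xxyxwwt.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is a section code (R0, O4, O20, ...) followed by " - " and the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (code, detail) per entry line; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reasons(code, detail):
    """Illustrative heuristics (assumptions, not HijackThis logic)."""
    low = detail.lower()
    reasons = []
    if "(file missing)" in low:
        reasons.append("target file missing")
    if code == "O4" and "rundll32" in low:
        reasons.append("autorun launches a DLL through rundll32")
    if code == "O20" and low.startswith("winlogon notify:") and detail.rstrip().endswith("\\"):
        reasons.append("Winlogon Notify target is a directory, not a file")
    if code == "O2" and "(no name)" in low:
        reasons.append("unnamed Browser Helper Object")
    return reasons

def triage(log):
    """Return (code, detail, reasons) for every entry that matched a heuristic."""
    checked = ((c, d, review_reasons(c, d)) for c, d in parse(log))
    return [item for item in checked if item[2]]

if __name__ == "__main__":
    for code, detail, reasons in triage(SAMPLE):
        print(f"{code}: {detail}\n    review: {', '.join(reasons)}")
```
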
-
Download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) to your Desktop.
- Extract all the files to your Desktop.
- A folder named SmitfraudFix will be created on your Desktop.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd
- Select option #1 - Search by typing 1 and press Enter
- This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
- When it is done, the results of the scan will be displayed and it will create a log named rapport.txt
- This is in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
- Please attach that log in your next reply.
- Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
-
I can't open it because I don't have my desktop and it's no way to do a search when U use ctrl-alt-del and new task. Is it any other way to open it because none of the folders exactly say smitfraudfix? Can u help me with that?
-
How did you download and run HijackThis?
-
I put it on a flash drive
-
Do the same thing with SmitfraudFix
-
When I use ctrl alt del u can't do a search and there isn't a smitfraudfix.cmd on the list so there isn't a way to open it I don't think. Do you know how, and do U kno which 1s to delete from the HijackThis?
-
Can somebody help me with the HijackThis report I posted earlier? I would really appreciate it
-
HijackThis is not an antivirus and only shows some forms of malware. You need to try and get something else to run or re-install Windows.
SmitfraudFix.zip is what we need.
-
I couldn't open smitfraudfix without da search. I got into it because I opened it with WinRAR but it wouldn't do anything when I would hit one of the folders. What else can I do?
-
Try running this.
Download Malwarebytes' Anti-Malware (MBAM) (http://www.besttechie.net/tools/mbam-setup.exe)
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
I saved Malwarebytes onto a flash drive but it would not install on my computer. I put the program off the same flash drive on my roommate's PC. When trying to put it on my computer it goes for a while then it stops and says unable to register the DLL/OCX create process failed code 2 click retry, but when I hit retry it doesn't do anything and the same thing pops up. Also when I try to get 2 delete a program by right clicking on it, it says it can't b found. Can U help me out because I don't kno what else to do? Also it's kinda strange because like 3 other programs were able to be installed from the same flash drive.
-
Can somebody help me out?
-
You can't load anything. Windows does not work.
You might be facing a reinstall. Do you have an install CD or can you borrow one that is the same as yours, XP Home or XP Pro? All you need is YOUR Windows license key and you can use any disk to do the install.
-
Is it the blue disk? Because I tried to do that and it would not show up. It's like when I hit ctrl alt del the programs showed up but when I hit it nothing showed up in the open box so I couldn't open it up